Elido
Trust Center

Trust, written down.

Elido: EU hosting by default, GDPR-friendly, with an audit trail out of the box. Everything below is what we already do, not plans.

SOC 2 Type II · ISO 27001 · GDPR · HIPAA-aware (Business) · EU-residency
Workspace region · pin once
irreversible at create
  • Frankfurt · FRA · eu-central-1
    EU residency · default

    Default for every workspace. Audit log, clicks, backups stay in-region. No DPF or Schrems II reliance.

  • Ashburn · IAD · us-east-1
    Opt-in

    Workspace creation only. Irreversible. For US-resident customers who want a US data path.

  • Singapore · SIN · ap-southeast-1
    Business+ · opt-in

    Workspace creation only. Irreversible. APAC residency for Business and Enterprise plans.

No cross-region replication for hot data (audit · clicks · backups)

  • 5: sub-processors, public list
  • 90d: Pro audit retention (7y on Business)
  • 30d: DSAR SLA (5d expedited on Business)
  • 0: cross-region transfers for hot data

What “trust” means in product terms

What we mean by trust

Each pillar maps to something concrete you can grep for in the audit log, the DPA, or our public infra repo. No marketing ambiguity.

EU residency by default

Postgres, ClickHouse, Redis, MinIO: all in Frankfurt. Business can pin Ashburn or Singapore. Free and Pro never leave the EU.

Audit trail on everything

Workspace settings, role changes, key rotations, link creation/deletion, exports. Every event carries who/when/what and is exportable.

Read-only by default for AI

AI integrations get scoped, rotatable keys. Write/delete access is a separate, explicit setting with its own audit trail.

BYOK and customer-managed keys

Bring your own KMS for at-rest encryption on Business. Rotate keys without re-encrypting cold storage.

Anti-abuse pipeline

Every link passes through a composite scanner (URLhaus + Google Safe Browsing + heuristics) at creation and again via a rescan worker.

Sub-processor transparency

Full list with location and purpose. We notify when one is added; some have an opt-out.

Append-only audit log

Every state change is recorded.

Append-only is enforced at the database layer: the audit table grants only INSERT and SELECT to application roles, with no UPDATE or DELETE. Even our own admins can’t rewrite history without a migration that shows up in change control. Retention is 90 days on Pro and 7 years on Business — covering SOX, MiFID II, and HIPAA without an add-on.

  • Actor identity
    User ID or service principal, plus source IP and request ID
  • Before/after diff
    Structured JSON diff of the changed row — not just a text log line
  • SIEM firehose
    HMAC-signed webhook to Splunk / Datadog / ELK in real time
  • Tamper-evident
    Postgres GRANT enforcement; no UPDATE / DELETE for app roles
Audit entry · evt_8c41a7
domain.claim · ws_8a2f

  • Actor: admin@elido.app
  • Timestamp (UTC): 2026-05-08T11:42:18Z
  • Source IP: 203.0.113.42 · DE
  • Source: dashboard · req_a4f9c1
  • Event type: domain.claim
  • Diff lines: +3 / -2
  • Retention: 7 years (Business)

Before/after diff:

  {
    "domain": "go.acme.eu",
-   "status": "pending_dns",
+   "status": "verified",
-   "tls_mode": "none",
+   "tls_mode": "on_demand",
+   "verified_at": "2026-05-08T11:42:18Z",
    "workspace_id": "ws_8a2f"
  }

Append-only · enforced by Postgres GRANT · Streamed to SIEM
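As an added illustration, not Elido's own code, here is the structured before/after row diff from the audit entry above, the "+3 / -2" count it reports, and an HMAC-signed SIEM webhook event with receiver-side verification. The signature scheme (HMAC-SHA256 over the raw JSON body with a shared secret) and the `diff`/`diff_lines` field names are assumptions, since the page does not specify them; the before/after rows are taken from the page's example.

```python
import hashlib
import hmac
import json

# Assumption: the SIEM webhook is signed with HMAC-SHA256 over the raw body
# using a per-workspace shared secret. The secret below is a constructed demo value.
WEBHOOK_SECRET = b"constructed-demo-secret"

# Constructed from the audit entry shown on the page (domain.claim on ws_8a2f).
BEFORE = {"domain": "go.acme.eu", "status": "pending_dns",
          "tls_mode": "none", "workspace_id": "ws_8a2f"}
AFTER = {"domain": "go.acme.eu", "status": "verified", "tls_mode": "on_demand",
         "verified_at": "2026-05-08T11:42:18Z", "workspace_id": "ws_8a2f"}


def row_diff(before: dict, after: dict) -> list[str]:
    """Render a changed row as diff lines: unchanged keys keep a blank prefix,
    old values get '-', new values get '+'. Keys are walked in sorted order."""
    lines = []
    for key in sorted(set(before) | set(after)):
        old, new = before.get(key), after.get(key)
        if key in before and key in after and old == new:
            lines.append(f'    "{key}": {json.dumps(old)},')
        else:
            if key in before:
                lines.append(f'-   "{key}": {json.dumps(old)},')
            if key in after:
                lines.append(f'+   "{key}": {json.dumps(new)},')
    return lines


def diff_counts(lines: list[str]) -> tuple[int, int]:
    """Return (added, removed) as shown in the entry's 'Diff lines' field."""
    return (sum(l.startswith("+") for l in lines), sum(l.startswith("-") for l in lines))


def sign_event(body: bytes, secret: bytes = WEBHOOK_SECRET) -> str:
    return hmac.new(secret, body, hashlib.sha256).hexdigest()


def verify_event(body: bytes, signature: str, secret: bytes = WEBHOOK_SECRET) -> bool:
    # Receiver side: constant-time compare so the MAC check does not leak via timing.
    return hmac.compare_digest(sign_event(body, secret), signature)


def build_event(before: dict, after: dict, actor: str, ts: str) -> tuple[bytes, str]:
    """Serialise the audit event deterministically and sign it for the SIEM firehose."""
    lines = row_diff(before, after)
    added, removed = diff_counts(lines)
    event = {"event_type": "domain.claim", "actor": actor, "timestamp": ts,
             "diff": lines, "diff_lines": {"added": added, "removed": removed}}
    body = json.dumps(event, sort_keys=True, separators=(",", ":")).encode()
    return body, sign_event(body)
```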

Data subject access requests

Subject rights via API.

You receive a subject request from your end user. You forward it via the dashboard or API as a controller-on-behalf-of-subject request — Elido authenticates the controller (you), not the subject. The bundle is a signed zip: identity record, links, audit-log entries where the subject is the actor, billing receipts if the subject is a workspace owner. Standard SLA is 30 days; Business expedited returns inside 5 business days.

  1. Subject request · End user → controller (you)

     Subject contacts you. You authenticate them in your own product, not in Elido.

  2. DSAR API call · POST /v1/dsar

     Forward as a controller-on-behalf request with subject email + request type (export / erase).

  3. Workspace bundle · signed zip · JSON + CSV

     Identity, links, audit-log entries where subject is actor, billing if owner, anonymised click metadata.

  4. SLA · 30 days · 5 days expedited

     Standard SLA on every plan; Business expedited tier returns inside 5 business days.

Five sub-processors, listed publicly

Five vendors. Listed publicly.

The full list with vendor location, processing purpose, data categories, and DPA reference URL lives at /legal/subprocessors and is checked into the public docs repo, so changes appear in git history. Adding or replacing a sub-processor triggers a 30-day notice to every workspace admin via in-app banner and email before processing begins, so customers can object. monobank Plata replaced LiqPay under ADR-0026 in 2026-05.

Sub-processor fan-out · workspace data flow
5 vendors · public list
Your workspace · ws_xxxx · eu-central-1 (default)

  • Hetzner · ISO 27001
    Compute · primary infra
    EU · Frankfurt + Helsinki
  • OVH · ISO 27001 · SOC 2
    Compute · Business region pins
    EU + APAC POPs
  • Postmark · SOC 2 Type II
    Transactional email
    EU (opt-out for EU-only)
  • monobank Plata · PCI DSS L1
    Payments · replaced LiqPay (ADR-0026)
    EU
  • Cloudflare · ISO 27001 · SOC 2
    Marketing proxy + WAF (not redirect path)
    Global

Adding a vendor triggers a 30-day customer notice · /legal/subprocessors

Compliance posture

Where we stand on the frameworks customers ask about.

No future-tense claims. Each row says what is shipped today, what’s in observation, and what’s available as an add-on under contract.

  • ISO 27001 · Achieved
    Information security management system; certified scope covers the full Elido platform.
  • SOC 2 Type II · In progress
    Observation period running through H2 2026. Type I report available under NDA today.
  • GDPR · Default
    EU residency by default, pre-signed DPA with standard SCCs, public sub-processor list.
  • HIPAA-ready · Available
    BAA on Business+ with encryption, audit logging, and access controls already wired.
  • EU residency · Default
    Postgres, ClickHouse, Redis, MinIO — all in Frankfurt. No reliance on Schrems II / DPF.
  • Encryption · Default
    AES-256 at rest, TLS 1.3 in transit, KMS-backed key rotation. BYOK on Business.

Compliance FAQ

The questions procurement keeps emailing us.

Do you sign a DPA?

Yes. Our standard DPA is pre-signed with EU SCCs and downloadable from /legal/dpa. No negotiation needed for default terms — paid plans get it counter-signed automatically. Custom redlines are available on Business and Enterprise.

How many sub-processors do you use?

Five: Hetzner (compute, EU), OVH (compute, EU + APAC for region pins), Postmark (transactional email, EU), monobank Plata (payments, EU — replaced LiqPay under ADR-0026), and Cloudflare (marketing proxy + WAF; never on the redirect path). The full list with location, purpose, and DPA reference is at /legal/subprocessors.

Is region pinning available on every plan?

EU residency is the default for every workspace, on every plan, and never changes. Opt-in pinning to us-east-1 (Ashburn) or ap-southeast-1 (Singapore) is workspace-only, irreversible at create time, and gated to Business and Enterprise plans.

What's the DSAR turnaround?

30 days standard SLA on every plan. Business and Enterprise get a 5-business-day expedited tier. DSARs are filed via API or dashboard (POST /v1/dsar): you authenticate the subject, we authenticate you as the controller, and the bundle ships as a signed zip with identity, links, audit-log entries, and billing records.

How do BAAs work for HIPAA?

BAA on Business+ only. The technical safeguards (encryption, audit logging, access control, secure backup) are the same as the default tier — the BAA is paperwork, not feature-gating. Email compliance@elido.app to start.

Is there a self-host option?

Yes. The redirect tier and click-ingester are open source under Apache 2.0 with a Helm chart for Kubernetes. Customers run the redirect tier in their own VPC and point the dashboard at our control plane, or run the entire stack on-prem. The repo is the same code we run.

How do you notify customers about sub-processor changes?

Adding or replacing a sub-processor triggers a 30-day notice via in-app banner and email to every workspace admin. Customers can object before processing begins. The list at /legal/subprocessors is checked into a public git repo so changes appear in version-control history.

Where do you publish incidents and uptime?

Live status, recent incidents, and full post-mortems at /status. Incidents that affect security are also posted to security@elido.app subscribers and to the Trust Center page within the SLA window defined in the DPA.

Contact

Security questions?

security@elido.app for vulnerability reports (PGP available). compliance@elido.app for SOC 2 / ISO / DPA. Response within one working day.

Security

Vulnerability reports, security.txt, PGP key. We respond within one working day.

security@elido.app

Compliance

SOC 2 / ISO requests, DPA counter-signing, sub-processor notices, BAA process for HIPAA.

compliance@elido.app

Sales

Enterprise procurement, security questionnaires, and custom-terms requests.

sales@elido.app

Ready when procurement is.

Pre-signed DPA, public sub-processor list, audit log on every plan. Start free or talk to sales for the security questionnaire shortcut.
